Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
Totolink N300RH Router: Remote Code Execution via Malicious WiFi Config
CVE-2026-3696
Summary
A flaw in the Totolink N300RH router allows an attacker to run unauthorized commands on the device from anywhere. This is a serious security risk because an attacker could take full control of the router and disrupt or compromise the network. To protect your network, update the router's software to the latest version as soon as possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| totolink | n300rh_firmware | 6.1c.1353_b20190305 | – |
Original title
A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a ...
Original description
A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used.
nvd CVSS2.0
7.5
nvd CVSS3.1
7.3
nvd CVSS4.0
6.9
Vulnerability type
CWE-77
Command Injection
CWE-78
OS Command Injection
Published: 8 Mar 2026 · Updated: 13 Mar 2026 · First seen: 8 Mar 2026